iconv VIQR: Fix use-after-free during destruction.
PR lib/59019: various iconv issues
Prompted by investigating:
PR lib/60413: iconv_samples test crashes on sparc*
Fixed in FreeBSD back in 2022, and I confirmed -Wuse-after-free catches
this for us too, but we're not using it -- maybe we should:
commit 8f27c9d14a559f33aa7fc3245f841f7ce52fadd5
Author: John Baldwin <jhb at FreeBSD.org>
Date: Mon Oct 3 16:10:43 2022 -0700
libiconv VIQR: Fix a use after free.
Use TAILQ_FOREACH_SAFE to walk to list of children mnemonics to
free
[5 lines not shown]
Pull up following revision(s) (requested by mrg in ticket #372):
external/mit/xorg/lib/libEGL/Makefile: revision 1.10
external/mit/xorg/lib/driver.mk: revision 1.9
external/mit/xorg/lib/libgbm/Makefile: revision 1.11
external/mit/xorg/lib/libGL/Makefile: revision 1.36
ensure HAVE_NOATEXIT is properly set for all that need it.
Increase size of bpfjit interal stack, follow bpf_validate() closely.
Increase a size of M[] array allocated on the stack by bpfjit.
When bpf_validate() fails, bpfjit now fails too:
- Fail to validate/compile BVF_DIV+BPF_K and BPF_MOD+BPF_K with K=0.
- Fail unless the last instruction is BPF_RET+BPF_A or BPF_RET+BPF_K.
If a program contains additional BPF_RET instructions, it is accepted
by bpf_validate() and it compiles fine by bpfjit but both bpf_filter()
and bpfjit reject it (return 0) at runtime.
Adjust existing bpfjit test to follow the changes, add new tests.
defflag M68K_MMU_CUSTOM. Checks for this were added a while ago, but
the defflag was missed. It's not expected to be used directly by
configus, but is there as something other MMU options can add as a
dependency.
doc: Update mail/roundcube and related pacakges to 1.6.17
mail/roundcube
mail/roundcube-plugin-enigma
mail/roundcube-plugin-password
mail/roundcube-plugin-zipdownload
mail/roundcube: update to 1.6.17
1.6.17 (2026-07-05)
* Enigma: Support automatic public key lookup (import) using HKP v1 protocol
(#5314)
* Enigma: Kolab WOAT Support (#8626)
* Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
* Security: Fix various vulnerabilities in the password plugin using
session-injected username
* Security: Fix stored XSS via unescaped attachment MIME type on the
attachment-validation warning page [CVE-2026-54432]
* Security: Fix SSRF bypass via specific local address URLs - two new cases
[5 lines not shown]
Pull up following revision(s) (requested by gson in ticket #371):
usr.sbin/sysinst/run.c: revision 1.17
usr.sbin/sysinst/defs.h: revision 1.98
usr.sbin/sysinst/util.c: revision 1.85
usr.sbin/sysinst/main.c: revision 1.39
Make sysinst intercept kernel console messages using TIOCCONS at all
times, not just when running an external command, and discard those
that occur when not running an external command so that they don't
mess up the display when running sysinst on the console. Fixes
PR install/54932.
nasm: updated to 3.0.2
3.02
Fix build problems on C23 compilers using a pre-C23 version of <stdbool.h> which defines bool as a macro in violation of the C23 specification.
The immediate form of the JMPE instruction (opcode 0F B8) has been changed to an absolute address, as in the Itanium Architecture Software Developer's Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break whatever virtual environments use JMPE, but it is the closest thing there is to an official specification for this opcode.
Being an absolute address, treat it equivalent to a FAR jump and do not default to 64 bits in 64-bit mode.
That JMPE has apparently been wrong all these years is probably as good of a hint as any how much it has been actually used, but it does have the possibility of breaking virtual environments. In that case, please file a bug report to https://bugs.nasm.us with details about the virtual environment, and we will figure out a suitable solution.
Various build fixes. Fix the documentation not building on MacOS because of the cp utility lacking -u there. Also fix not building generally due to wrong link formatting. Another fix was a typo in compiler.h related to a C++ check.
Corrections to assembling encodings:
Fix CMP allowing LOCK which is illegal.
Correct multiple AVX512 instructions such as VCVTSD2SI, VCVTSD2USI, VCVTSS2SI, VCVTSS2USI, VCVTTSD2SI, VCVTTSD2USI, VCVTTSS2SI, VCVTTSS2USI, VGETEXPSH, VGETMANTSH, MOVDDUP, VMOVDDUP.
[56 lines not shown]